[GitHub] incubator-guacamole-server pull request #115: GUACAMOLE-400: Fix guacd crash...

[sanhex]

GitHub user sanhex opened a pull request:

    https://github.com/apache/incubator-guacamole-server/pull/115

    GUACAMOLE-400: Fix guacd crash when ssh key fails

    Root Cause:
    In the ssh library of guacd, function ssh_client_thread(), when 
guac_ssh_get_user() fails to load private key for ssh authentication, it will 
return NULL. In this case, the subsequent call to 
guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd 
crash in function guac_common_ssh_authenticate() by accessing 'user->username'.
    
    Solution:
    In guac_common_ssh_create_session(), validate parameter 'user'. If it is 
NULL, abort the ssh session.
    Reviewed the logic for other parameters of the function, they look okay and 
no need to be validated at this point.
    
    Test:
    - configured a ssh app with an encrypted private key and a wrong passphrase.
    - ran the ssh app from web portal and observed guacd crash.
    - applied the fix and reran the ssh app. Observed no crash.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sanhex/incubator-guacamole-server patch-1

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-guacamole-server/pull/115.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #115
    
----
commit 6c9c87a04ab9e4e8de454a816cccdd0ebd35af3e
Author: sanhex <san...@gmail.com>
Date:   2017-09-28T18:06:24Z

    GUACAMOLE-400: Fix guacd crash when ssh key fails
    
    Root Cause:
    In the ssh library of guacd, function ssh_client_thread(), when 
guac_ssh_get_user() fails to load private key for ssh authentication, it will 
return NULL. In this case, the subsequent call to 
guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd 
crash in function guac_common_ssh_authenticate() by accessing 'user->username'.
    
    Solution:
    In guac_common_ssh_create_session(), validate parameter 'user'. If it is 
NULL, abort the ssh session.
    Reviewed the logic for other parameters of the function, they look okay and 
no need to be validated at this point.
    
    Test:
    - configured a ssh app with an encrypted private key and a wrong passphrase.
    - ran the ssh app from web portal and observed guacd crash.
    - applied the fix and reran the ssh app. Observed no crash.

----


---